26f30e177d62e78e82b1b550868ff3ba_JaffaCakes118

General

Target

26f30e177d62e78e82b1b550868ff3ba_JaffaCakes118
Size

25KB
MD5

26f30e177d62e78e82b1b550868ff3ba
SHA1

9eb0f346ff80be8e0c072b8508f39527982fa64b
SHA256

c533d2dd651df0c1a97c7b0e5784b9a42a58e5e64115b540e8c521cbd192e1ca
SHA512

9948211e30ce42860adf23a80b2c2f25397311ec699999d42466ef46d1ae79c883393f0bcefbbcbf5ecd6a6c6d36d99c4a38631a5144506efab76dbcb01f29c9
SSDEEP

384:5ko1XUbCWYacgumUIk3DS43ReqiACL+3Ei91/1Hj/f:C0XUWWYtgNUIkzS43ReuCL+bL/1D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26f30e177d62e78e82b1b550868ff3ba_JaffaCakes118

Files

26f30e177d62e78e82b1b550868ff3ba_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c9bb144a94ebf7c04f3ba1dcf07c1c86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
VirtualAlloc
CloseHandle
ReadFile
GetDiskFreeSpaceExA
GetVolumeInformationA
FreeLibrary
GetProcAddress
LoadLibraryA
GetDriveTypeA
GetWindowsDirectoryA
GetComputerNameA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetLocalTime
DeleteFileA
GetFileSize
CreateFileA
GetTickCount
GetPrivateProfileStringA
lstrcmpiA
SetFileTime
GetSystemDirectoryA
lstrcpyA
CreateFileMappingA
GetFileTime
SetFileAttributesA
GetFileAttributesA
MultiByteToWideChar
WriteFile
ExitThread
Sleep
FindClose
lstrcpynA
UnmapViewOfFile
FindFirstFileA
CreateThread
WaitForSingleObject
CreateMutexA
TerminateThread
ReleaseMutex
GetModuleFileNameA
GetModuleHandleA
OpenFileMappingA
SetErrorMode
RtlUnwind
MapViewOfFile
lstrlenA
lstrcatA
SetEndOfFile
SetFilePointer
FindNextFileA

user32

GetKeyNameTextA
SetTimer
UnhookWindowsHookEx
GetActiveWindow
SetWindowsHookExA
GetWindowTextA
CallNextHookEx
CharLowerA
wsprintfA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetUserNameA

ws2_32

recv
inet_ntoa
gethostbyname
gethostname
closesocket
send
connect
socket
htons
WSAStartup

Exports

Exports

Ku

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9bb144a94ebf7c04f3ba1dcf07c1c86

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 3KB - Virtual size: 25KB

Shared Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 3KB - Virtual size: 25KB

Shared
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB